CYBERSHEATH BLOG

Shakur Stevenson, U.S. Olympic Boxer, is set to advance to the Championship bout of the Men’s bantam 56 kg weight class. The young prospect has already secured at least a silver medal for the U.S, and is looking to break the gold medal drought, which hasn’t been won by an American since 2004 in Athens. Staying ahead of your opponent is key in boxing; having the ability to react quickly and counter are instrumental to a fighter. Those same qualities are imperative to organizations too, and should be baked into one’s security posture; and today, one of the toughest opponents is ‘Ransomware’.

With ransomware attacks on the rise in 2016, a lot of organizations are scared. According to the KnowBe4 2016 Ransomware Threat Concerns survey, many organizations don’t have faith in their backup systems, which compounds the fear of a Crypto-Locker style attack. The survey of over 1100 companies found that 38% of the companies asked had been hit with a ransomware attack in 2016, up from 20% in 2014. Ransomware attackers aren’t just limiting attacks to a single industry. They are hitting hospitals, banking institutions, the manufacturing industry and state and local governments.

What can you do to protect your organization and prevent ransomware attacks from occurring in the first place? Here are three things you can do today to shore up your defenses:

Recently, Hollywood Presbyterian Medical Center paid attackers for the decryption key that held the hospital’s systems and data hostage. While this style of attack is not new, increased attacks have businesses on edge. Ransomware is a malicious software that blocks access to a network or system until a ransom is paid. In many cases, the data is encrypted and there is no economical way to retrieve the data until the decryption key is given to the victim. Usually this only occurs when a ransom is paid. In the case of the Hollywood Presbyterian, they decided to pay the ransom of about 40 bitcoins, worth approximately $17,000.

Security consultants who have assessed healthcare practices have likely interviewed medical staff and got the strong sense (if not directly told) that their work was diverting attention away from patient care. This mentality is one of the reasons why the healthcare industry is facing challenges when it comes to information security. The culture of providing healthcare over all else, the justification for neglecting information security, has finally hit an impasse - patient health and safety was jeopardized by a cyber security incident. The attitude toward information security - the time it takes, the costs - has to change. It’s unfortunate, but it seems to have taken an incident like the one seen at Hollywood Presbyterian to highlight how information security actually aligns with the healthcare industries health-first ideals.